Issue
- The variables utilLocator, objectUtil, and staticUtil are restricted and inaccessible to the FreeMarker engine.
- What are the risks of using these variables?
Environment
- All environments
Resolution
- If there are no restrictions, Freemarker templates (ADT) can access critical portal components. Depending on the privilege of this variable, this can cause Freemarker models to access privileged portal resources.
- To mitigate this risk would be that only trusted users should be given the necessary permissions. By limiting who can add/update models in your environment, you can minimize the risk of potential exploitation.
- Review of owners of existing templates may also be required as they have full privileges on the provided templates.
Additional Information
- To make these variables accessible to the FreeMarker engine, please refer to the following link: Creating a new structure with a date field results in a FreeMarker error.
Contenido exclusivo para suscriptores.
Una Suscripción Enterprise de Liferay proporciona acceso a más de 1.500 artículos que incluyen las mejores practicas, diagnóstico de problemas y otras soluciones útiles. Inicia sesión para tener un acceso completo.
Inicia sesión